Time
59 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hey, everyone, welcome back to the course. So in the last video, we talked about our first case study. So again, Cyber Furniture was looking to replace their traditional WAF solution because it was so cumbersome to manage, and that led to a compromise of one of their web applications.
00:14
So in that example, we suggested to them to use a FortiWeb
00:19
Cloud web application firewall as a service solution.
00:22
And they went ahead and implemented that, and we were able to see how easy it was to set up custom rule sets.
00:28
In this video, we're gonna talk through case study number two. So this example is going to be an e-commerce store. And what we're going to do is we're going to do an attack on, excuse me, on our domain. Just a simple SQL injection attack. And number one, we're gonna take a look at the attack in our logs, and then we're also going to go ahead and enable the block mode. So let's talk through our
00:48
case study first.
00:51
So, Perfect Shoe Store. It's an e-commerce company, and it does approximately 30 million in revenue each year, so it's pretty successful and it's growing every single year.
01:00
Now they're using Amazon for the infrastructure as a service. So that means you're setting up different servers, et cetera, and their EC2 instances.
01:06
And they've been using a traditional WAF solution, though they haven't yet taken a cloud WAF solution. So they've got the appliance there in their office space.
01:15
What they've noticed is that there's an increase in attacks, specifically those, you know, of course, from the web, right? So the OWASP Top 10. So things like SQL injection and cross-site scripting.
01:23
Now they're looking for a product that allows them to easily block the most common web threats to protect the web applications. Again, their goal is to reduce that overhead, right? They don't want their team to have to manage just this all day long because there's a whole lot of attacks coming across the network.
01:38
So some questions I want you to think through as we talk through this case study. What's a product the company could implement quickly that allows them to block threats from the OWASP Top 10? Of course, you probably already know the answer to that one, but if you don't, just think through what that answer might be.
01:53
And then number two, how can they block threats with this product?
01:57
All right, so of course, number one there is the Fortinet FortiWeb Cloud web application firewall as a service solution. And then number two, I'll show you how easy it is to actually block threats with this particular product.
02:07
Now, the first thing we want to do is we actually want to go ahead to our domain, so just go ahead and launch your domain. If you use the script that I have provided for you in the download, what you'll see is that here's your sample web page we created. If you remember, in that script it had "Hello, students. This is fun" in it. So this is our web page here. Now what we need to do
02:25
is we need to do a simple SQL injection attack. If you don't know how to do that,
02:30
if you're brand new here, all you have to do is just click in the URL right here.
02:35
And what we're going to do is just add a forward slash. We're gonna type in the word index
02:39
dot ASP,
02:42
the question mark, ID, and
02:45
an equal sign, and then we're going to do our attack. After the equal sign, we'll do an apostrophe,
02:51
a space, or, space, one equals one. So we're basically giving it a true statement there.
02:57
Now we're gonna go ahead and run that, and we're getting that "not found" there. What we're going to do now is go back to the FortiWeb
03:02
Cloud web application firewall as a service solution, and we're gonna go over to our
03:07
logs. So we screwed up a little bit here. We're gonna go to our logs
03:12
and click on attack logs here.
03:15
And sometimes it takes a moment or so to get the data coming in there. We'll just refresh.
03:21
All right, so what we see here when we look back on the logs, and again, it may take a moment or so for it to refresh for you,
03:25
what we see here is we see that there's critical and high alerts here and we see that it's from a SQL injection, which we obviously know because we just performed that attack.
03:36
Okay, great. We got SQL injection attacks coming at us. Well, how can we prevent against that? How could we quickly and easily block these common types of attacks? Again, right, we're talking about the OWASP Top 10.
03:46
Well, it's very simple. You see, at the top right of our screen, we can simply turn on block mode. So one click
03:53
and poof, just like magic, it's going to protect us.
03:57
Now, what we're going to do is we're gonna go back to our domain, and we're gonna try to run that same type of attack.
04:01
So you notice it might take two minutes to take effect. It's usually a little sooner than that for the block mode to take effect.
04:09
All right, so now if we go navigate back to our domain, and we're gonna go back and we're gonna type in the forward slash, we're going to do the exact same attack. So the forward slash, then index
04:17
dot ASP. We're gonna put the question mark, ID, and the equal sign, the apostrophe, space, and then or, and then our true statement, one equals one,
04:28
and we're gonna go ahead and run that attack again. See what happens. So good news, right? It looks like it blocked us. So we were successful there. So, web page blocked. It's telling us that information. Now let's go back to the product here
04:39
and we're gonna go ahead and refresh things.
04:42
All right, so what you notice now, if we look at our logs after we've refreshed, you notice that top line there says the action was blocked, right? So it's a critical threat. It's a SQL injection attack, violating the parameter of our URL. And it's gone ahead and blocked it automatically because we turned on block mode. So you see how simple that was and how quickly you can
05:00
actually protect your organization. It was literally one click
05:04
took a few seconds to refresh. We went ahead and ran the attack again. And poof, just like magic, we were able to block that type of attack.
05:15
So in this video, we just went over our case study. So again, we talked about an e-commerce business that, they were using a traditional WAF solution, and they wanted to reduce the overhead again, as well as quickly block common threats from the OWASP Top 10. So SQL injection, being number one in the OWASP Top 10 from 2017,
05:32
and we were able to do so by quickly selecting the block mode button and then within just a matter of seconds, blocked this type of attack.
05:44
So in the next video, we're just gonna wrap up the course and our conclusion. We'll talk about all the things we've covered so far in this course.

Up Next

Fortinet FortiWeb Cloud WAF-as-a-Service

This course will cover a brief overview of the Fortinet FortiWeb Cloud WAF-as-a-Service. Learners will subscribe to the product in AWS Marketplace and then learn how to use the solution to automatically integrate their Route 53 domain name, set up an EC2 instance, and create a web app.

Instructed By

Ken Underhill
Master Instructor at Cybrary